CVE-2020-12882

{"id": "CVE-2020-12882", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-05-15T05:15:13.397", "references": [{"url": "http://packetstormsecurity.com/files/157756/Submitty-20.04.01-Cross-Site-Scripting.html", "source": "cve@mitre.org"}, {"url": "https://github.com/Submitty/Submitty/issues/5266", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/157756/Submitty-20.04.01-Cross-Site-Scripting.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Submitty/Submitty/issues/5266", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow."}, {"lang": "es", "value": "Submitty versiones hasta 01.04.20 20, permite un ataque de tipo XSS por medio de la carga de un documento SVG, como es demostrado mediante un ataque por un Student contra un Teaching Fellow."}], "lastModified": "2024-11-21T05:00:28.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AA5D74C-AE38-41CE-B0C1-EFF897221AF6", "versionEndIncluding": "20.04.01"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}